[dlc-dev] Security of Discreet Log Contract Attestation Schemes

Lloyd Fournier lloyd.fourn at gmail.com
Tue Feb 2 07:13:12 CET 2021

Hi List,

This week I've done some work on defining security for DLC oracles.
Please see: https://github.com/LLFourn/dlc-sec/blob/master/main.pdf

The point I've touched on so far is "unforgeability" -- an adversary cannot
forge an oracle attestation without the secret key.
I guess it seemed obvious to everyone that the original scheme was secure
in this respect but a precise answer had never been given until now.
My result is interesting as it implies that we can show the scheme from the
original paper secure in the plain model (not random oracle model) by
reduction from the *one-more* discrete logarithm problem. Or said another
way the security is more straightforward than Schnorr signatures
themselves. Another thing that becomes clear is that the security depends
on the collision resistance of the hash function (Schnorr doesn't normally
depend on this).

The proof can easily be modified to work with the simplified scheme I
suggested here [1]. Apart from being more efficient the simplified scheme
does not rely on the collision resistance of a hash function since it
doesn't use a hash function.

There are more aspects of DLC security to consider but I felt this was the
most important. The paper is very terse -- please let me know where you
think I should expand upon it.



[1] https://mailmanlists.org/pipermail/dlc-dev/2020-December/000002.html
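
Added example (not part of the original message or the linked paper): a Python sketch of why an attestation scheme that hashes the outcome needs that hash to be collision resistant. It assumes the attestation form s = k - H(R, m)*x mod n, verified as s*G + H(R, m)*X = R on secp256k1; the hash input encoding, the 16-bit truncated hash, the toy secrets and the outcome strings are all constructed for illustration.

```python
import hashlib

# secp256k1 domain parameters
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b: lam = 3 * a[0] * a[0] * pow(2 * a[1] % P, -1, P) % P
    else: lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt):  # double-and-add, not constant time (illustration only)
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def H(R, outcome, bits):  # SHA-256 cut to `bits`; bits < 256 is the deliberately weak variant
    d = hashlib.sha256(R[0].to_bytes(32, "big") + outcome.encode()).digest()
    return int.from_bytes(d, "big") >> (256 - bits)

def attest(x, k, R, outcome, bits):  # assumed form: s = k - H(R, m) * x mod n
    return (k - H(R, outcome, bits) * x) % N

def verify(X, R, outcome, s, bits):  # checks s*G + H(R, m)*X == R
    return add(mul(s, G), mul(H(R, outcome, bits), X)) == R

def find_collision(R, bits):  # birthday search over constructed outcome strings
    seen, i = {}, 0
    while True:
        m = f"outcome-{i}"
        h = H(R, m, bits)
        if h in seen: return seen[h], m
        seen[h], i = m, i + 1

def demo(bits):
    x, k = 0x1234567, 0x89ABCDEF  # constructed toy secrets, not real keys
    X, R = mul(x, G), mul(k, G)
    m1, m2 = find_collision(R, 16)  # two outcomes that collide on the top 16 bits
    s = attest(x, k, R, m1, bits)
    return verify(X, R, m1, s, bits), verify(X, R, m2, s, bits)
```

`demo(16)` shows one attestation verifying for two different outcomes under the weak hash, while `demo(256)` shows the same pair being told apart once the full SHA-256 output is used.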